From dc36c72e75c9b3ab36693b59252e3246ef53d5fb Mon Sep 17 00:00:00 2001 From: Sergio Correia Date: Mon, 29 Sep 2025 22:45:55 +0000 Subject: [PATCH 4/6] Clippy fixes Signed-off-by: Sergio Correia --- keylime-agent/src/config.rs | 13 ++++++------- keylime-agent/src/keys_handler.rs | 4 ++-- keylime-agent/src/main.rs | 10 +++++----- keylime-agent/src/payloads.rs | 12 ++++++------ keylime-agent/src/permissions.rs | 14 +++++++------- keylime-agent/src/quotes_handler.rs | 16 ++++++++-------- keylime-agent/src/revocation.rs | 15 +++++++-------- keylime-agent/src/secure_mount.rs | 6 +++--- keylime/src/crypto.rs | 12 ++++++------ keylime/src/ima/entry.rs | 7 +++---- keylime/src/registrar_client.rs | 2 +- keylime/src/tpm.rs | 14 +++++--------- 12 files changed, 59 insertions(+), 66 deletions(-) diff --git a/keylime-agent/src/config.rs b/keylime-agent/src/config.rs index 21c0516..f1fe7d1 100644 --- a/keylime-agent/src/config.rs +++ b/keylime-agent/src/config.rs @@ -614,8 +614,10 @@ fn config_translate_keywords( .collect::>() .join(", "), "latest" => { - if let Some(version) = - SUPPORTED_API_VERSIONS.iter().map(|&s| s.to_string()).last() + if let Some(version) = SUPPORTED_API_VERSIONS + .iter() + .map(|&s| s.to_string()) + .next_back() { version } else { @@ -980,7 +982,7 @@ mod tests { let expected = SUPPORTED_API_VERSIONS .iter() .map(|e| e.to_string()) - .last() + .next_back() .unwrap(); //#[allow_ci] assert_eq!(version, expected); } @@ -1273,10 +1275,7 @@ mod tests { let j = obtained.get(i).unwrap(); //#[allow_ci] assert!( e.to_string() == j.to_string(), - "Option {} mismatch: expected == '{}', obtained == '{}'", - i, - e, - j + "Option {i} mismatch: expected == '{e}', obtained == '{j}'" ); } } diff --git a/keylime-agent/src/keys_handler.rs b/keylime-agent/src/keys_handler.rs index 447f0d1..a4c9f21 100644 --- a/keylime-agent/src/keys_handler.rs +++ b/keylime-agent/src/keys_handler.rs 
@@ -327,7 +327,7 @@ async fn pubkey( HttpResponse::Ok().json(response) } Err(e) => { - debug!("Unable to retrieve public key: {:?}", e); + debug!("Unable to retrieve public key: {e:?}"); HttpResponse::InternalServerError().json(JsonWrapper::error( 500, "Unable to retrieve public key".to_string(), @@ -411,7 +411,7 @@ async fn verify( HttpResponse::Ok().json(response) } Err(e) => { - warn!("GET key challenge failed: {:?}", e); + warn!("GET key challenge failed: {e:?}"); HttpResponse::InternalServerError().json(JsonWrapper::error( 500, "GET key challenge failed".to_string(), diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs index 9e3d727..be51a21 100644 --- a/keylime-agent/src/main.rs +++ b/keylime-agent/src/main.rs @@ -269,7 +269,7 @@ async fn main() -> Result<()> { config::KeylimeConfigError::Generic(message), )); } - info!("Running the service as {}...", user_group); + info!("Running the service as {user_group}..."); } // Parse the configured API versions @@ -403,7 +403,7 @@ async fn main() -> Result<()> { } } Err(e) => { - warn!("Could not load agent data: {}", e); + warn!("Could not load agent data: {e}"); None } } @@ -442,7 +442,7 @@ async fn main() -> Result<()> { path => agent_data_new.store(Path::new(&path))?, } - info!("Agent UUID: {}", agent_uuid); + info!("Agent UUID: {agent_uuid}"); // If using IAK/IDevID is enabled, obtain IAK/IDevID and respective certificates let mut device_id = if config.agent.enable_iak_idevid { @@ -595,7 +595,7 @@ async fn main() -> Result<()> { ) { Ok(t) => Ok(t), Err(e) => { - error!("Failed to load trusted CA certificates: {}", e); + error!("Failed to load trusted CA certificates: {e}"); Err(e) } }?; @@ -833,7 +833,7 @@ async fn main() -> Result<()> { Ok(ip_addr) => { // Add bracket if IPv6, otherwise use as it is if ip_addr.is_ipv6() { - format!("[{}]", ip_addr) + format!("[{ip_addr}]") } else { ip_addr.to_string() } 
diff --git a/keylime-agent/src/payloads.rs b/keylime-agent/src/payloads.rs index 3b8873d..8996a5e 100644 --- a/keylime-agent/src/payloads.rs +++ b/keylime-agent/src/payloads.rs @@ -109,14 +109,14 @@ fn write_out_key_and_payload( if bytes != key.as_ref().len() { return Err(Error::Other(format!("Error writing symm key to {:?}: key len is {}, but {bytes} bytes were written", key_path, key.as_ref().len()))); } - info!("Wrote payload decryption key to {:?}", key_path); + info!("Wrote payload decryption key to {key_path:?}"); let mut dec_payload_file = fs::File::create(dec_payload_path)?; let bytes = dec_payload_file.write(dec_payload)?; if bytes != dec_payload.len() { return Err(Error::Other(format!("Error writing decrypted payload to {:?}: payload len is {}, but {bytes} bytes were written", dec_payload_path, dec_payload.len()))); } - info!("Wrote decrypted payload to {:?}", dec_payload_path); + info!("Wrote decrypted payload to {dec_payload_path:?}"); Ok(()) } @@ -124,7 +124,7 @@ fn write_out_key_and_payload( // run a script (such as the init script, if any) and check the status fn run(dir: &Path, script: &str) -> Result<()> { let script_path = dir.join(script); - info!("Running script: {:?}", script_path); + info!("Running script: {script_path:?}"); if !script_path.exists() { info!("No payload script {script} found in {}", dir.display()); @@ -176,7 +176,7 @@ fn optional_unzip_payload( dec_file => { let zipped_payload_path = unzipped.join(dec_file); - info!("Unzipping payload {} to {:?}", dec_file, unzipped); + info!("Unzipping payload {dec_file} to {unzipped:?}"); let mut source = fs::File::open(zipped_payload_path)?; let mut zip = ZipArchive::new(source)?; @@ -215,7 +215,7 @@ async fn run_encrypted_payload( info!("No payload script specified, skipping"); } script => { - info!("Payload init script indicated: {}", script); + info!("Payload init script indicated: {script}"); run(&unzipped, script)?; } } 
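Review bot: `fs::File::create(dec_payload_path)` in `write_out_key_and_payload` creates the decrypted payload with the process default mode, so who can read it depends on the umask rather than on the code. Unless the target directory already restricts access (not visible in this hunk), open it owner-only with `fs::OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(dec_payload_path)?`, which needs `std::os::unix::fs::OpenOptionsExt` in scope. The key file is opened above the hunk and presumably needs the same treatment. `write_all` would also replace the manual short-write comparison after each `write`.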
@@ -304,7 +304,7 @@ pub(crate) async fn worker( info!("Successfully executed encrypted payload"); } Err(e) => { - warn!("Failed to run encrypted payload: {}", e); + warn!("Failed to run encrypted payload: {e}"); } } } diff --git a/keylime-agent/src/permissions.rs b/keylime-agent/src/permissions.rs index aa240d9..4b8ac9a 100644 --- a/keylime-agent/src/permissions.rs +++ b/keylime-agent/src/permissions.rs @@ -38,7 +38,7 @@ impl TryFrom<&str> for UserIds { if parts.len() != 2 { let e = format!("Invalid parameter format: {value} cannot be parsed as 'user:group'"); - error!("{}", e); + error!("{e}"); return Err(Error::Conversion(e)); } @@ -50,7 +50,7 @@ impl TryFrom<&str> for UserIds { let p = unsafe { libc::getgrnam(g_cstr.as_ptr()) }; if p.is_null() { let e = io::Error::last_os_error(); - error!("Could not get group {}: {}", group, e); + error!("Could not get group {group}: {e}"); return Err(Error::Conversion(e.to_string())); } unsafe { (*p) } @@ -65,7 +65,7 @@ impl TryFrom<&str> for UserIds { let p = unsafe { libc::getpwnam(u_cstr.as_ptr()) }; if p.is_null() { let e = io::Error::last_os_error(); - error!("Could not get user {}: {}", user, e); + error!("Could not get user {user}: {e}"); return Err(Error::Conversion(e.to_string())); } unsafe { (*p) } @@ -91,7 +91,7 @@ pub(crate) fn run_as(user_group: &str) -> Result<()> { // Set gid if unsafe { libc::setgid(ids.group.gr_gid) } != 0 { let e = io::Error::last_os_error(); - error!("Could not set group id: {}", e); + error!("Could not set group id: {e}"); return Err(Error::Permission); } 
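Review bot: In the `getgrnam` branch of `TryFrom<&str> for UserIds` (and the `getpwnam` branch in the next hunk), a NULL return is reported through `io::Error::last_os_error()`, but both calls leave `errno` unchanged when the entry simply does not exist, so the logged cause can be a stale or unrelated OS error. `getgrnam_r`/`getpwnam_r` return the error code directly and fill a caller-owned buffer. That would also avoid `unsafe { (*p) }` copying a struct whose string pointers still reference libc's static storage. At minimum each `unsafe` block should carry a `// SAFETY:` comment stating why the pointer is valid at that point. The function starts and ends outside these hunks.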
@@ -127,18 +127,18 @@ pub(crate) fn run_as(user_group: &str) -> Result<()> { if unsafe { libc::setgroups(ngroups as usize, sup_groups.as_ptr()) } != 0 { let e = io::Error::last_os_error(); - error!("Could not set supplementary groups: {}", e); + error!("Could not set supplementary groups: {e}"); return Err(Error::Permission); } // Set uid if unsafe { libc::setuid(ids.passwd.pw_uid) } != 0 { let e = io::Error::last_os_error(); - error!("Could not set user id: {}", e); + error!("Could not set user id: {e}"); return Err(Error::Permission); } - info!("Dropped privileges to run as {}", user_group); + info!("Dropped privileges to run as {user_group}"); Ok(()) } diff --git a/keylime-agent/src/quotes_handler.rs b/keylime-agent/src/quotes_handler.rs index a49dcc4..d61adf2 100644 --- a/keylime-agent/src/quotes_handler.rs +++ b/keylime-agent/src/quotes_handler.rs @@ -95,7 +95,7 @@ async fn identity( ) { Ok(quote) => quote, Err(e) => { - debug!("Unable to retrieve quote: {:?}", e); + debug!("Unable to retrieve quote: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, @@ -116,7 +116,7 @@ async fn identity( match crypto::pkey_pub_to_pem(&data.pub_key) { Ok(pubkey) => quote.pubkey = Some(pubkey), Err(e) => { - debug!("Unable to retrieve public key for quote: {:?}", e); + debug!("Unable to retrieve public key for quote: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, @@ -193,7 +193,7 @@ async fn integrity( let pubkey = match crypto::pkey_pub_to_pem(&data.pub_key) { Ok(pubkey) => pubkey, Err(e) => { - debug!("Unable to retrieve public key: {:?}", e); + debug!("Unable to retrieve public key: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, 
@@ -242,7 +242,7 @@ async fn integrity( ) { Ok(tpm_quote) => tpm_quote, Err(e) => { - debug!("Unable to retrieve quote: {:?}", e); + debug!("Unable to retrieve quote: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, @@ -268,7 +268,7 @@ async fn integrity( let mut ml = Vec::::new(); let mut f = measuredboot_ml_file.lock().unwrap(); //#[allow_ci] if let Err(e) = f.rewind() { - debug!("Failed to rewind measured boot file: {}", e); + debug!("Failed to rewind measured boot file: {e}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, @@ -279,14 +279,14 @@ async fn integrity( mb_measurement_list = match f.read_to_end(&mut ml) { Ok(_) => Some(general_purpose::STANDARD.encode(ml)), Err(e) => { - warn!("Could not read TPM2 event log: {}", e); + warn!("Could not read TPM2 event log: {e}"); None } }; } } Err(e) => { - debug!("Unable to check PCR mask: {:?}", e); + debug!("Unable to check PCR mask: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, @@ -309,7 +309,7 @@ async fn integrity( (Some(result.0), Some(result.1), Some(result.2)) } Err(e) => { - debug!("Unable to read measurement list: {:?}", e); + debug!("Unable to read measurement list: {e:?}"); return HttpResponse::InternalServerError().json( JsonWrapper::error( 500, diff --git a/keylime-agent/src/revocation.rs b/keylime-agent/src/revocation.rs index fae5a9c..738c12a 100644 --- a/keylime-agent/src/revocation.rs +++ b/keylime-agent/src/revocation.rs @@ -124,7 +124,7 @@ pub(crate) fn run_action( allow_payload_actions, )?; - info!("Executing revocation action {}", action); + info!("Executing revocation action {action}"); // Write JSON argument to a temporary file let raw_json = serde_json::value::to_raw_value(&json)?; @@ -171,7 +171,7 @@ pub(crate) fn run_action( return Err(output.try_into()?); } - info!("INFO: revocation action {} successful", action); + info!("INFO: revocation action {action} successful"); Ok(output) } 
@@ -233,7 +233,7 @@ fn run_revocation_actions( let msg = format!( "error executing revocation script {action}: {e:?}" ); - error!("{}", msg); + error!("{msg}"); return Err(Error::Script( action.to_string(), e.exe_code()?, @@ -273,8 +273,7 @@ fn process_revocation( let msg_payload: Value = serde_json::from_str(msg)?; debug!( - "Revocation signature validated for revocation: {}", - msg_payload + "Revocation signature validated for revocation: {msg_payload}" ); let outputs = run_revocation_actions( @@ -289,11 +288,11 @@ fn process_revocation( for output in outputs { if !output.stdout.is_empty() { let out = String::from_utf8(output.stdout)?; - info!("Action stdout: {}", out); + info!("Action stdout: {out}"); } if !output.stderr.is_empty() { let out = String::from_utf8(output.stderr)?; - warn!("Action stderr: {}", out); + warn!("Action stderr: {out}"); } } Ok(()) @@ -476,7 +475,7 @@ pub(crate) async fn worker( info!("Revocation processed successfully"); } Err(e) => { - error!("Failed to process revocation: {}", e); + error!("Failed to process revocation: {e}"); } } } diff --git a/keylime-agent/src/secure_mount.rs b/keylime-agent/src/secure_mount.rs index 573d0c9..435fdfc 100644 --- a/keylime-agent/src/secure_mount.rs +++ b/keylime-agent/src/secure_mount.rs @@ -47,7 +47,7 @@ fn check_mount(secure_dir: &Path) -> Result { return Ok(true); } else { let message = format!("Secure storage location {} already mounted on wrong file system type: {}. Unmount to continue.", secure_dir.display(), fs_type); - error!("Secure mount error: {}", message); + error!("Secure mount error: {message}"); return Err(Error::SecureMount(message)); } } else { @@ -65,7 +65,7 @@ fn check_mount(secure_dir: &Path) -> Result { let message = "Mount information parsing error: not enough elements" .to_string(); - error!("Secure mount error: {}", message); + error!("Secure mount error: {message}"); return Err(Error::SecureMount(message)); } } 
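Review bot: `String::from_utf8(output.stdout)?` in the output loop of `process_revocation` turns non-UTF-8 bytes from an action into an error after the actions have already run, so the revocation is reported as failed and the remaining outputs are never logged. `let out = String::from_utf8_lossy(&output.stdout);` (and the same for `stderr`) keeps this logging best-effort. Because the text comes from external scripts, logging it as `info!("Action stdout: {}", out.escape_debug())` would also stop embedded newlines or control characters from producing misleading log lines.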
@@ -96,7 +96,7 @@ pub(crate) fn mount(work_dir: &Path, secure_size: &str) -> Result { )) })?; - info!("Directory {:?} created.", secure_dir_path); + info!("Directory {secure_dir_path:?} created."); let metadata = fs::metadata(&secure_dir_path).map_err(|e| { Error::SecureMount(format!( "unable to get metadata for secure dir path: {e:?}" diff --git a/keylime/src/crypto.rs b/keylime/src/crypto.rs index 5c951b1..19e651f 100644 --- a/keylime/src/crypto.rs +++ b/keylime/src/crypto.rs @@ -399,14 +399,14 @@ pub fn check_x509_key( .map_err(CryptoError::RSAGetPublicKeyError)? .n() .to_vec(); - let mut cert_n_str = format!("{:?}", cert_n); + let mut cert_n_str = format!("{cert_n:?}"); _ = cert_n_str.pop(); _ = cert_n_str.remove(0); let key = SubjectPublicKeyInfo::try_from(tpm_key.clone()) .map_err(CryptoError::SubjectPublicKeyInfoFromRSAError)?; let key_der = picky_asn1_der::to_vec(&key) .map_err(CryptoError::SubjectPublicKeyInfoToDERError)?; - let key_der_str = format!("{:?}", key_der); + let key_der_str = format!("{key_der:?}"); Ok(key_der_str.contains(&cert_n_str)) } @@ -418,14 +418,14 @@ pub fn check_x509_key( .map_err(CryptoError::RSAGetPublicKeyError)? .n() .to_vec(); - let mut cert_n_str = format!("{:?}", cert_n); + let mut cert_n_str = format!("{cert_n:?}"); _ = cert_n_str.pop(); _ = cert_n_str.remove(0); let key = SubjectPublicKeyInfo::try_from(tpm_key.clone()) .map_err(CryptoError::SubjectPublicKeyInfoFromRSAError)?; let key_der = picky_asn1_der::to_vec(&key) .map_err(CryptoError::SubjectPublicKeyInfoToDERError)?; - let key_der_str = format!("{:?}", key_der); + let key_der_str = format!("{key_der:?}"); Ok(key_der_str.contains(&cert_n_str)) } 
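Review bot: `key_der_str.contains(&cert_n_str)` in `check_x509_key` compares the `Debug` text of two byte vectors, so the match is a substring test on decimal digits rather than on bytes. A leading byte `5` also matches `15` or `205`, a trailing byte `1` also matches `10` or `123`, and an empty `cert_n` matches anything. The same pattern is repeated in the next two hunks of this file (the second RSA arm and the ECC arm). Comparing the bytes directly, `Ok(!cert_n.is_empty() && key_der.windows(cert_n.len()).any(|w| w == cert_n.as_slice()))`, makes the check exact and removes the `pop`/`remove(0)` bracket stripping. The function starts and ends outside these hunks.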
@@ -437,14 +437,14 @@ pub fn check_x509_key( .map_err(CryptoError::PublicKeyGetECCError)? .public_key_to_der() .map_err(CryptoError::PublicKeyToDERError)?; - let mut cert_n_str = format!("{:?}", cert_n); + let mut cert_n_str = format!("{cert_n:?}"); _ = cert_n_str.pop(); _ = cert_n_str.remove(0); let key = SubjectPublicKeyInfo::try_from(tpm_key.clone()) .map_err(CryptoError::SubjectPublicKeyInfoFromECCError)?; let key_der = picky_asn1_der::to_vec(&key) .map_err(CryptoError::SubjectPublicKeyInfoToDERError)?; - let key_der_str = format!("{:?}", key_der); + let key_der_str = format!("{key_der:?}"); Ok(key_der_str.contains(&cert_n_str)) } diff --git a/keylime/src/ima/entry.rs b/keylime/src/ima/entry.rs index 1168b3c..982afa7 100644 --- a/keylime/src/ima/entry.rs +++ b/keylime/src/ima/entry.rs @@ -431,10 +431,9 @@ impl TryFrom<&str> for Entry { template_hash, event_data: Box::new(ImaBuf::try_from(event)?), }), - template => Err(Error::new( - ErrorKind::Other, - format!("unrecognized template \"{template}\"",), - )), + template => Err(Error::other(format!( + "unrecognized template \"{template}\"", + ))), } } } diff --git a/keylime/src/registrar_client.rs b/keylime/src/registrar_client.rs index dcfcd22..e036845 100644 --- a/keylime/src/registrar_client.rs +++ b/keylime/src/registrar_client.rs @@ -320,7 +320,7 @@ impl<'a> RegistrarClientBuilder<'a> { // Try to reach the registrar let addr = format!("http://{registrar_ip}:{registrar_port}/version"); - info!("Requesting registrar API version to {}", addr); + info!("Requesting registrar API version to {addr}"); let resp = reqwest::Client::new() .get(&addr) diff --git a/keylime/src/tpm.rs b/keylime/src/tpm.rs index 8a8c85a..ac23720 100644 --- a/keylime/src/tpm.rs +++ b/keylime/src/tpm.rs 
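Review bot: The version probe in `RegistrarClientBuilder` goes to a hard-coded `http://` URL, so the response is unauthenticated, and nothing near the `format!` documents that trust assumption. If the returned version selects the API used for later requests (not visible in this hunk), the code should accept only values from the agent's own supported list. A comment such as `// Plain-HTTP probe: the response is unauthenticated, treat it as a hint only` above the `format!` would make this explicit. `registrar_ip` is also interpolated as-is, so an IPv6 literal produces an invalid URL unless the caller has already added brackets.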
@@ -1344,7 +1344,7 @@ impl Context<'_> { let mut pcrs = read_mask(mask)?; // add pcr16 if it isn't in the vec already - if !pcrs.iter().any(|&pcr| pcr == PcrSlot::Slot16) { + if !pcrs.contains(&PcrSlot::Slot16) { let mut slot16 = vec![PcrSlot::Slot16]; pcrs.append(&mut slot16); } @@ -1838,9 +1838,7 @@ fn check_if_pcr_data_and_attestation_match( .map_err(|source| TpmError::OpenSSLHasherFinish { source })?; log::trace!( - "Attested to PCR digest: {:?}, read PCR digest: {:?}", - attested_pcr, - pcr_digest, + "Attested to PCR digest: {attested_pcr:?}, read PCR digest: {pcr_digest:?}", ); Ok(memcmp::eq(attested_pcr, &pcr_digest)) @@ -1884,12 +1882,11 @@ fn perform_quote_and_pcr_read( } log::info!( - "PCR data and attestation data mismatched on attempt {}", - attempt + "PCR data and attestation data mismatched on attempt {attempt}" ); } - log::error!("PCR data and attestation data mismatched on all {} attempts, giving up", NUM_ATTESTATION_ATTEMPTS); + log::error!("PCR data and attestation data mismatched on all {NUM_ATTESTATION_ATTEMPTS} attempts, giving up"); Err(TpmError::TooManyAttestationMismatches { attempts: NUM_ATTESTATION_ATTEMPTS, }) @@ -2128,8 +2125,7 @@ pub mod testing { // Always 1 PCR digest should follow if count != 1 { return Err(TpmError::InvalidRequest(format!( - "Expected 1 PCR digest, got {}", - count + "Expected 1 PCR digest, got {count}" ))); } -- 2.47.3
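Review bot: The body under `if !pcrs.contains(&PcrSlot::Slot16)` still builds a one-element `Vec` only to `append` it. `pcrs.push(PcrSlot::Slot16);` does the same in one line, without the temporary allocation or the `mut slot16` binding. The enclosing method starts outside the hunk.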